
Solve: Icons and taskbar are missing (WinXP)?

Answer

ComboFix 10-12-30.01 - xxx 12/31/2010 9:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1447 [GMT -8:00]
Running from: c:\documents and settings\xxx\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong
c:\documents and settings\xxx\Application Data\Microsoft\Windows Firewall
c:\documents and settings\xxx\Application Data\PriceGong
c:\program files\Level Up Games\Crazy Kart\data\config\AnimLayer\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\config\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\gamblinghelp\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\login\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\spark\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\treasure\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\557_500_2\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\abkeypad\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\ezpodbanner1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\helper\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\FRIENDLIST\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\LISTCTRL\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\LoadingTips\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\ONLINEPLAYERS\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\mov\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\GUI\update\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\animation\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\car\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\car\MODEL\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\Character\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\Character\model\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\ItemEffect\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\ItemEffect\Speaker\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\ItemEffect\textures\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\Model\textures\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\sound\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_0\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_2\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_3\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_4\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_5\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_0\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_2\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_3\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_4\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_5\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_0\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_2\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_3\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_4\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\4_0\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\4_1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\4_2\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\5_1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_0\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_3\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_4\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_5\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_6\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_7\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_8\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_9\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\7_0\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\advertisement\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Common\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Common\textures\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style1\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style2\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style3\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style4\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style5\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style6\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\SD_Log\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\sound\Desktop_.ini
c:\program files\Level Up Games\Crazy Kart\sys\Desktop_.ini
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\z.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\1.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\a.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\b.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\c.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\d.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\e.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\f.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\g.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\h.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\i.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\J.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\k.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\l.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\m.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\n.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\o.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\p.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\q.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\r.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\s.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\t.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\u.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\v.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\w.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\x.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\y.xml
c:\documents and settings\xxx\Application Data\PriceGong\Data\z.xml
C:\HCTE6.tmp
C:\HCTE7.tmp
C:\HCTE8.tmp
C:\HCTE9.tmp
C:\HCTEA.tmp
C:\HCTEB.tmp
C:\HCTEC.tmp
C:\HCTED.tmp
C:\Install.exe
c:\windows\system32\arp.exe
c:\windows\system32\SCardSvr.exe
c:\windows\system32\winlogon.bak
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

----- BITS: Possible INFECTED sites -----

hxxp://globebroadbandclickfix.com.ph
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\qoobox\Quarantine\C\WINDOWS\system32\winlogon.bak.vir

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
.

2010-12-30 06:03 . 2010-12-30 06:03  --------  d-----w-  c:\documents and settings\xxx\Local Settings\Application Data\Conduit
2010-12-30 05:38 . 2010-12-30 05:38  --------  d-----w-  C:\Level Up Games
2010-12-28 23:12 . 2010-12-28 23:12  --------  d-----w-  c:\documents and settings\xxx\Maps
2010-12-27 18:31 . 2010-12-27 18:31  388096  ----a-r-  c:\documents and settings\xxx\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-27 18:31 . 2010-12-27 18:31  --------  d-----w-  c:\program files\Trend Micro
2010-12-27 05:13 . 2010-12-27 05:13  --------  d-----w-  c:\documents and settings\xxx\Application Data\SUPERAntiSpyware.com
2010-12-27 05:13 . 2010-12-27 05:13  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-27 05:12 . 2010-12-27 05:13  --------  d-----w-  c:\program files\SUPERAntiSpyware
2010-12-26 18:55 . 2010-12-26 18:55  --------  d-----w-  c:\program files\CCleaner
2010-12-24 07:52 . 2010-12-24 07:53  --------  d-----w-  c:\documents and settings\xxx\.64pixels
2010-12-23 21:39 . 2010-12-30 06:04  --------  d-----w-  c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-12-23 21:39 . 2010-12-23 21:39  --------  d-----w-  c:\program files\Common Files\DirectX
2010-12-23 21:38 . 2010-12-23 21:38  --------  d-----w-  c:\program files\SmileyCentral_1vEI
2010-12-18 02:43 . 2010-12-18 02:43  --------  d-----w-  c:\program files\SmileyCentralIE_1w
2010-12-18 02:33 . 2010-12-18 02:33  0  ----a-w-  c:\windows\system32\ConduitEngine.tmp
2010-12-18 02:18 . 2010-12-23 21:38  --------  d-----w-  c:\documents and settings\Test Account
2010-12-17 23:22 . 2010-12-23 21:38  --------  d-----w-  c:\program files\VirtualDJ
2010-12-16 21:13 . 2010-12-18 02:15  --------  d-----w-  c:\documents and settings\Administrator
2010-12-09 15:07 . 2010-12-09 15:07  --------  d-----w-  c:\windows\system32\wbem\Repository
2010-12-09 04:50 . 2010-12-09 04:50  --------  d-sh--w-  c:\documents and settings\NetworkService\IETldCache
2010-12-09 01:58 . 2010-12-09 01:58  --------  d-----w-  c:\program files\X-Play
2010-12-08 21:02 . 2010-12-09 15:06  --------  d-----w-  c:\program files\uTorrent Turbo Booster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 02:53 . 2010-04-18 00:07  472808  ----a-w-  c:\windows\system32\deployJava1.dll
2010-11-13 00:34 . 2010-04-18 00:07  73728  ----a-w-  c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-10-18 10:26  3908192  ----a-w-  c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 16:23  97064  ----a-w-  c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-05 6174008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-07-10 2049320]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-07-10 1083176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"globe"="c:\program files\Globe Telecom\Click Fix\bin\sprtcmd.exe" [2009-06-11 204440]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Level Up Games\\Grand Chase\\main.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Level Up Games\\FreeStyle\\FreeStyle.exe"=
"c:\\Program Files\\Level Up Games\\Rohan Online CBT\\Client\\rohanclient.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\FarmHelper\\FVBot.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\Gang Garrison 2\\Gang Garrison 2.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\VinServer34\\VinServer34.exe"=
"c:\\Documents and Settings\\xxx\\My Documents\\Downloaded by flashget\\GGC Beta 2\\GGC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\MM8BDM-SGC8\\rcon_utility.exe"=
"c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\MM8BDM-SGC8\\skulltag.exe"=
"c:\\Program Files\\GameClub\\Philippines\\SpecialForce\\specialforce.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58426:TCP"= 58426:TCP:Pando Media Booster
"58426:UDP"= 58426:UDP:Pando Media Booster
"57230:TCP"= 57230:TCP:Pando Media Booster
"57230:UDP"= 57230:UDP:Pando Media Booster
"56684:TCP"= 56684:TCP:Pando Media Booster
"56684:UDP"= 56684:UDP:Pando Media Booster
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 4:00 AM 14336]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]
R2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\Globe Telecom\Click Fix\bin\sprtsvc.exe [7/17/2009 1:13 PM 206120]
R2 tgsrvc_globe;SupportSoft Repair Service (globe);c:\program files\Globe Telecom\Click Fix\bin\tgsrvc.exe [8/6/2009 3:16 PM 151192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 11:02 AM 136176]
S3 7ByteIo;7ByteIo;\??\c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys --> c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys --> c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp --> c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
S3 XDva312;XDva312;\??\c:\windows\system32\XDva312.sys --> c:\windows\system32\XDva312.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai  REG_MULTI_SZ  Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-XP-54E10D31A13C-xxx.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-16 10:44]

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 19:01]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 19:01]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1003Core.job
- c:\documents and settings\xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:12]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1003UA.job
- c:\documents and settings\xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:12]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1007Core.job
- c:\documents and settings\Test Account.XP-54E10D31A13C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 01:07]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1007UA.job
- c:\documents and settings\Test Account.XP-54E10D31A13C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 01:07]

2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{382D449B-C195-41E6-9C0F-C2CCC0C7D31D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ph/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All By FlashGet3 - c:\documents and settings\xxx\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\xxx\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\mtid3796.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6b3303&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ph&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [emailprotected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: FiddlerHook: [emailprotected] - c:\program files\Fiddler2\FiddlerHook
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Orange Fox: {5b35cb30-16b4-11de-8c30-0800200c9a66} - %profile%\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Battlefield Heroes Updater: [emailprotected] - %profile%\extensions\[emailprotected]
FF - Ext: Firebug: [emailprotected] - %profile%\extensions\[emailprotected]
FF - Ext: Conduit Engine : [emailprotected] - %profile%\extensions\[emailprotected]
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
URLSearchHooks-{346de098-61f9-4b42-89da-6dfba7091bb6} - (no file)
BHO-{5ed22e89-62fa-47ec-bd8d-374d849d436c} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-31 09:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-12-31 09:28:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-31 17:28

Pre-Run: 71,741,403,136 bytes free
Post-Run: 71,748,911,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 00FB71455A5BAD310D970830700C0DF4

Please download the newest version of Adobe Acrobat READER from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
**************************************************
P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**********************************************
GameGuard Service doesn't have a very good reputation in the malware world. I would suggest that you uninstall it.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    File::
    c:\program files\Google\Update\GoogleUpdate.exe
    c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp
    c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys
    c:\windows\system32\XDva285.sys
    c:\windows\system32\XDva312.sys
    c:\windows\system32\XDva361.sys
    c:\windows\system32\XDva367.sys
    c:\windows\system32\XDva368.sys
    c:\windows\system32\XDva370.sys
    c:\windows\system32\XDva372.sys
    c:\windows\system32\XDva377.sys

    DDS::
    Trusted Zone: kuaiche.com\software

    Driver::
    gupdate
    GarenaPEngine
    dump_wmimmc
    XDva285
    XDva312
    XDva361
    XDva367
    XDva368
    XDva370
    XDva372
    XDva377

  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
******************************************************

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button (If prompted with a "hidden service warning", do go ahead and delete it.)

  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • Note: It will also create a log in the C:\ directory.

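The log above is read by hand in the reply that follows it: the services whose image file ComboFix could not find (the `--> ... [?]` entries), the driver registered from a Temp folder (GarenaPEngine), the At1.job to At24.job tasks, the BITS "Possible INFECTED sites" line, and the disinfected atapi.sys and winlogon.exe are what drive the File:: and Driver:: sections of the CFScript. The Python below is an added example, not part of the original post and not ComboFix's own code: it parses those line formats out of a constructed excerpt of the log above and drafts a CFScript from the services it flags. The flagging rules (image file missing, or image under a Temp directory) are this example's own assumptions, not anything ComboFix asserts; the reply's script also lists entries, such as gupdate, that these rules would not select, so the draft is something to review by hand, not to run as written.

```python
"""Triage a ComboFix log and draft a CFScript from the findings.

Added example for this post; it is not ComboFix's own code. The rules
below (image file missing, image under a Temp folder, At<n>.job tasks,
BITS sites, disinfected system files) are this example's own heuristics."""
import re

# Constructed excerpt in ComboFix's line formats, taken from the log above.
SAMPLE_LOG = r"""
C:\Install.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At24.job

----- BITS: Possible INFECTED sites -----

hxxp://globebroadbandclickfix.com.ph
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 4:00 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 11:02 AM 136176]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp --> c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
"""

# "R2 name;display;image [date size]" or "S3 name;display;image --> image [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
ANNOTATION_RE = re.compile(r"\s*\[[^\]]*\]$")          # trailing "[date size]" or "[?]"
EXE_PATH_RE = re.compile(r"^(?P<path>.+?\.[A-Za-z0-9]{2,4})(?:\s+-\S.*)?$")  # split off "-k Akamai" style args
AT_JOB_RE = re.compile(r"\\tasks\\at\d+\.job$", re.IGNORECASE)
DISINFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")


def parse_service(line):
    """Parse one Drivers/Services line; return None for anything else.

    ComboFix writes 'image [date size]' when it could stat the image and
    'image --> image [?]' when it could not, which normally means the
    service still points at a file that is no longer on disk."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = m.group("image").strip()
    file_missing = image.endswith("[?]")
    if "-->" in image:
        image = image.split("-->", 1)[1].strip()
    image = ANNOTATION_RE.sub("", image)
    pm = EXE_PATH_RE.match(image)
    path = pm.group("path") if pm else image
    return {
        "start": m.group("start"),        # R = running, S = stopped; digit = start type
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "file_missing": file_missing,
        "in_temp": "\\temp\\" in path.lower(),
    }


def triage(log_text):
    """Collect the entries a responder reads first from a ComboFix log."""
    findings = {"suspect_services": [], "at_jobs": [], "disinfected": [], "bits_sites": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            # Heuristic of this example: an image that is gone or lives under
            # Temp is worth a look. It is not ComboFix's verdict.
            if svc["file_missing"] or svc["in_temp"]:
                findings["suspect_services"].append(svc)
            continue
        if AT_JOB_RE.search(line):
            findings["at_jobs"].append(line)
        elif line.startswith("hxxp://"):              # ComboFix defangs http as hxxp
            findings["bits_sites"].append(line)
        else:
            dm = DISINFECTED_RE.match(line)
            if dm:
                findings["disinfected"].append(dm.group("path"))
    return findings


def draft_cfscript(findings):
    """Draft the File:: and Driver:: sections of a CFScript from suspect services.

    The output is a starting point for hand review: CFScript deletes what it is given."""
    services = findings["suspect_services"]
    lines = ["KillAll::", "", "File::"]
    lines += [s["path"] for s in services]
    lines += ["", "Driver::"]
    lines += [s["name"] for s in services]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for key, items in found.items():
        print(f"{key}: {len(items)}")
    print(draft_cfscript(found))
```

Run as a script it prints the counts and the draft; the functions return the parsed structures, so the same rules can be applied to a full ComboFix.txt read from disk, and any service the rules miss (or wrongly flag) is still decided by the person reading the log.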
